New National Intelligence Estimate to Detail China's Cyber Threat

Two former U.S. officials have told the Associated Press that a new National Intelligence Estimate (NIE) is being prepared, and that it will include details of the economic impact cyberattacks from China have on the nation.

The NIE reflects the views of the nation’s intelligence agencies, and according to the officials who spoke to the AP on the condition of anonymity (as they were not authorized to discuss the classified report), the latest report is expected to detail cyberthreat data, particularly from China, and the impact it has on the U.S. economy. Moreover, it will cite the role played by the Chinese government in state-sponsored espionage.

According to the AP report, such threats pose a growing problem. The NIE is also expected to place a serious amount of emphasis on diplomatic and trade measures that can be used against China’s government for its role in these ongoing campaigns. According to comments made to the AP by Secretary of State Hillary Rodham Clinton, the U.S. will begin making it clear to China that both the government and the private sector will be protected from cyberattacks and other intrusions.

The need for a stronger stance and reaction can be attributed to attacks similar to the ones that were disclosed at The New York Times and The Wall Street Journal this week. According to the Times, 53 employees were targeted by hackers in China in what is presumed to be a spear-phishing attack, which gave the attackers their network credentials.

This resulted in 45 pieces of malware being created, each one unique and previously unknown to the signature engines used by Symantec, which provides endpoint protection to the Times.

The malware was used to control the systems and record keystrokes and other data, as part of an effort to discover sources who fed information to the Times about Premier Wen Jiabao. The Times said that the breach lasted four months, noting that Symantec’s software only detected one of the samples during the entire event.

In a statement Symantec indirectly, passively even, suggested that the Times failed to utilize all of the features available to them as part of a layered security program. The AV giant said that attacks such as the ones detailed by the Times underscore how important it is for companies, countries and consumers to make sure they are using the full capability of [their] security solutions.

“The advanced capabilities in our endpoint offerings, including our unique reputation-based technology and behavior-based blocking, specifically target sophisticated attacks. Turning on only the signature-based anti-virus components of endpoint solutions alone are not enough in a world that is changing daily from attacks and threats. We encourage customers to be very aggressive in deploying solutions that offer a combined approach to security. Anti-virus software alone is not enough,” Symantec’s statement said.

"Evidence shows that infiltration efforts target the monitoring of the Journal's coverage of China, and are not an attempt to gain commercial advantage or to misappropriate customer information," said a statement from Paula Keve of Journal parent Dow Jones, a unit of Rupert Murdoch's News Corp.

For its part, China calls the claims by both news publications groundless. Speaking to the report from the Times, Foreign Ministry spokesman Hong Lei told reporters in Beijing “competent Chinese authorities have already issued a clear response to the groundless accusations made by the New York Times.”

“To arbitrarily assert and to conclude without hard evidence that China participated in such hacking attacks is totally irresponsible. China is also a victim of hacking attacks. Chinese laws clearly forbid hacking attacks, and we hope relevant parties take a responsible attitude on this issue.”

In related news, Symantec reported on Thursday that they’ve discovered a targeted attack aimed at high-level employees in the defense and aerospace industries. There have also been reports of users in China being targeted by a Man-in-the-Middle attack on GitHub.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.